<?php
//print_r($_POST);//Array ( [clazz] => 00b [uname] => )
require_once('config.inc.php');//$pdo; $uid; ROOT

//$_POST = ['clazz'=>'2018php','uname'=>''];
$_SESSION['user']['power'] = 1;
if(empty($_SESSION['user']['power']) || (int)$_SESSION['user']['power'] <= 0){
	die('你没有足够的权限！');
}

if(empty($_POST['clazz'])){
	die('你这是非法访问！');
}
$clazz = $_POST['clazz'];

$uname = empty($_POST['uname']) ? '' : trim($_POST['uname']);



//$sql = "SELECT * FROM stu_info WHERE 1=1";
if($clazz != '00b' && $uname != ''){
	$sql = "SELECT * FROM stu_info WHERE cid=? AND uname LIKE ?";
	$stmt = $pdo->prepare($sql);
	$stmt->execute([$clazz,"%${uname}%"]);
}elseif($clazz == '00b' && $uname != ''){
	$sql = "SELECT * FROM stu_info WHERE uname=?";
	$stmt = $pdo->prepare($sql);
	$stmt->execute(["%${uname}%"]);
}elseif($clazz != '00b' && empty($uname)){
	$sql = "SELECT * FROM stu_info WHERE cid=?";
	$stmt = $pdo->prepare($sql);
	$stmt->execute([$clazz]);
}else{
	$sql = "SELECT * FROM stu_info";
	$stmt = $pdo->prepare($sql);
	$stmt->execute();
}
//echo $stmt->rowCount();
while($row = $stmt->fetch(PDO::FETCH_ASSOC)){
	//print_r($row);
	$str = '<tr>';
	$str .= '<td>'.$row['uname'].'</td>'.'<td>'.$row['cid'].'</td>'
	.'<td class="photo">'.$row['cardid'].'</td>'.'<td class="photo-addr" style="display:none;">'.$row['card_p'].'</td>'
	.'<td>'.$row['addr'].'</td>'.'<td>'.$row['tel'].'</td>'.'<td>'.$row['h_name'].'</td>'.'<td>'.$row['h_call'].'</td>'.'<td>'.$row['h_tel'].'</td>'.'<td>'.$row['h1_name'].'</td>'.'<td>'.$row['h1_call'].'</td>'.'<td>'.$row['h1_tel'].'</td>';
	$str .= '</tr>';
	echo $str;
}
?>
